[Samba] Re: Can't Find Password
John Peak
john.peak at mckesson.com
Tue Apr 15 16:02:22 GMT 2003
Thanks again for the help so far. It appears that this was a problem, but I
don't think it was *the* problem. It appears that Samba still cannot look up
the account in LDAP even though it is now connecting using the proper admin
login.
Just to recap...:
1) Trying to login to Samba using an LDAP backend gives me
NT_STATUS_NO_SUCH_USER
2) I get a "Problem during the LDAP search: (No such object)" in my log
which I think is just Samba trying to look up the sambaGroupMapping object.
I do not have this in my LDAP database, but don't believe this should cause
problems.
3) The LDAP log I've included also seems to indicate that the LDAP search
is being performed and is returning something. Also, when I manually run
ldapsearch I get the "root" posixAccount record back as expected.
4) I should point out that in my earlier messages I think Samba was
reading the "root" account from the unix passwd file rather than LDAP. I
have since removed the "unixsam" setting in my "passdb backend" parameter so
that it should now only look in LDAP for my user accounts.

I've tried to include all of the necessary info below. I appreciate any new
suggestions you have. Do you think this could be a bug in the ldapsam code?
I didn't see anyone else with this problem, which makes me doubt it.
smb.conf
---------
[global]
workgroup = ELUCIDATION
#passdb backend = ldapsam unixsam guest
passdb backend = ldapsam guest
non unix account range = 10000-19999
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
log level = 100
log file = /var/log/samba/log.%m
logon script = logon.cmd
logon drive = H:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
ldap admin dn = "cn=Manager,dc=elucidation"
Log File
--------
[2003/04/15 12:04:45, 5] auth/auth_util.c:debug_unix_user_token(513)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2003/04/15 12:04:45, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(146)
ldapsam_search_one_user: searching
for:[(&(uid=root)(objectclass=sambaAccount))]
[2003/04/15 12:04:45, 10] lib/ldap.c:smb_ldap_open_connection(143)
smb_ldap_open_connection: ldap://localhost:389
[2003/04/15 12:04:45, 2] lib/ldap.c:smb_ldap_open_connection(234)
smb_ldap_open_connection: connection opened
[2003/04/15 12:04:45, 10] lib/ldap.c:smb_ldap_connect_system(362)
ldap_connect_system: Binding to ldap server ldap://localhost:389 as
"cn=Manager,dc=elucidation"
[2003/04/15 12:04:46, 2] lib/ldap.c:smb_ldap_connect_system(394)
ldap_connect_system: succesful connection to the LDAP server
[2003/04/15 12:04:46, 4] lib/ldap.c:smb_ldap_open(445)
The LDAP server is succesful connected
[2003/04/15 12:04:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_user(155)
ldapsam_search_one_user: Problem during the LDAP search: (No such object)
[2003/04/15 12:04:46, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(157)
ldapsam_search_one_user: Query was: ,
(&(uid=root)(objectclass=sambaAccount))
[2003/04/15 12:04:46, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/04/15 12:04:46, 3] auth/auth_sam.c:check_sam_security(436)
Couldn't find user 'root' in passdb file.
[2003/04/15 12:04:46, 5] auth/auth.c:check_ntlm_password(249)
check_ntlm_password: sam authentication for user [root] FAILED with error
NT_STATUS_NO_SUCH_USER
[2003/04/15 12:04:46, 2] auth/auth.c:check_ntlm_password(294)
check_ntlm_password: Authentication for user [root] -> [root] FAILED with
error NT_STATUS_NO_SUCH_USER
LDAP debug log
-----------------
Apr 15 12:38:15 sam slapd[5874]: ==> ldbm_back_bind: dn:
cn=Manager,dc=elucidation
Apr 15 12:38:15 sam slapd[5874]: send_ldap_result: 0::
Apr 15 12:38:15 sam slapd[5871]: connection_get(9)
Apr 15 12:38:15 sam slapd[5888]: SRCH "" 2 0
Apr 15 12:38:15 sam slapd[5888]: 0 0 0
Apr 15 12:38:15 sam slapd[5888]: filter:
(&(uid=root)(objectClass=sambaAccount))
Apr 15 12:38:15 sam slapd[5888]: attrs:
Apr 15 12:38:15 sam slapd[5888]: uid
Apr 15 12:38:15 sam slapd[5888]: pwdLastSet
Apr 15 12:38:15 sam slapd[5888]: logonTime
Apr 15 12:38:15 sam slapd[5888]: logoffTime
Apr 15 12:38:15 sam slapd[5888]: kickoffTime
Apr 15 12:38:15 sam slapd[5888]: cn
Apr 15 12:38:15 sam slapd[5888]: pwdCanChange
Apr 15 12:38:15 sam slapd[5888]: pwdMustChange
Apr 15 12:38:15 sam slapd[5888]: displayName
Apr 15 12:38:15 sam slapd[5888]: homeDrive
Apr 15 12:38:15 sam slapd[5888]: smbHome
Apr 15 12:38:15 sam slapd[5888]: scriptPath
Apr 15 12:38:15 sam slapd[5888]: profilePath
Apr 15 12:38:15 sam slapd[5888]: description
Apr 15 12:38:15 sam slapd[5888]: userWorkstations
Apr 15 12:38:15 sam slapd[5888]: rid
Apr 15 12:38:15 sam slapd[5888]: primaryGroupID
Apr 15 12:38:15 sam slapd[5888]: lmPassword
Apr 15 12:38:15 sam slapd[5888]: ntPassword
Apr 15 12:38:15 sam slapd[5888]: acctFlags
Apr 15 12:38:15 sam slapd[5888]: domain
Apr 15 12:38:15 sam slapd[5888]: objectClass
Apr 15 12:38:15 sam slapd[5888]: uidNumber
Apr 15 12:38:15 sam slapd[5888]: gidNumber
Apr 15 12:38:15 sam slapd[5888]: homeDirectory
> -----Original Message-----
> From: Bradley W. Langhorst [mailto:brad at langhorst.com]
> > [2003/04/14 10:08:55, 2] lib/ldap.c:smb_ldap_connect_system(394)
> > ldap_connect_system: succesful connection to the LDAP server
> > [2003/04/14 10:08:55, 4] lib/ldap.c:smb_ldap_open(445)
> > The LDAP server is succesful connected
> > [2003/04/14 10:08:55, 0]
> > passdb/pdb_ldap.c:ldapsam_search_one_user(155)
> > ldapsam_search_one_user: Problem during the LDAP search: (No such
> > object)
> here's a problem...
> when you bind to ldap as "" you can't see the object you want
>
> have a look at ldap admin dn =
>
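
An added example, not part of the original message and not Samba or OpenLDAP code: a small Python parser that regroups the mail-wrapped Samba debug records and the slapd `SRCH` line shown above and extracts the search base each one reports. It assumes the text before the comma in `Query was:` is the search base and that slapd logs `SRCH "<base>" <scope> <deref>`; the function names are hypothetical and the log lines are copied from the message.

```python
import re

# Log lines copied from the message above (not constructed).
SAMBA_LOG = """\
[2003/04/15 12:04:46, 0] passdb/pdb_ldap.c:ldapsam_search_one_user(155)
ldapsam_search_one_user: Problem during the LDAP search: (No such object)
[2003/04/15 12:04:46, 3] passdb/pdb_ldap.c:ldapsam_search_one_user(157)
ldapsam_search_one_user: Query was: ,
(&(uid=root)(objectclass=sambaAccount))
[2003/04/15 12:04:46, 3] auth/auth_sam.c:check_sam_security(436)
Couldn't find user 'root' in passdb file.
"""
SLAPD_LOG = 'Apr 15 12:38:15 sam slapd[5888]: SRCH "" 2 0\n'

# "[date time, level] file.c:function(line)" starts each Samba record.
HEADER = re.compile(r"^\[\S+ \S+,\s*\d+\] \S+:(\w+)\(\d+\)$")

def samba_records(text):
    """Regroup a mail-wrapped Samba debug log into (function, message) pairs."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append([m.group(1), []])
        elif records:
            records[-1][1].append(line.strip())
    return [(func, " ".join(parts)) for func, parts in records]

def ldapsam_queries(text):
    """(base, filter) from each 'Query was: <base>, <filter>' record.
    Assumption: the text before the comma is the search base."""
    found = []
    for func, msg in samba_records(text):
        m = re.search(r"Query was: (.*?), (\(.*\))$", msg)
        if func == "ldapsam_search_one_user" and m:
            found.append((m.group(1).strip(), m.group(2)))
    return found

def slapd_searches(text):
    """(base, scope) from slapd 'SRCH "<base>" <scope> <deref>' lines."""
    pat = r'slapd\[\d+\]: SRCH "([^"]*)" (\d+) \d+'
    return [(b, int(s)) for b, s in re.findall(pat, text)]

def empty_base(samba_text, slapd_text):
    """True if either log shows a search sent with an empty base DN."""
    bases = [b for b, _ in ldapsam_queries(samba_text)]
    bases += [b for b, _ in slapd_searches(slapd_text)]
    return any(b == "" for b in bases)
```

Run over the lines above, both logs report an empty base for the `(&(uid=root)(objectclass=sambaAccount))` search, with scope 2 (subtree) on the slapd side.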